Lucene search
K

30 matches found

Prion
Prion
added 2021/01/26 6:15 p.m.20 views

Command injection

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

4.6CVSS7.2AI score0.01169EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/01/25 8:37 p.m.20 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

7.2AI score0.01169EPSS
Exploits1References1
CVE
CVE
added 2021/01/25 8:37 p.m.42 views

CVE-2020-27542

CVE-2020-27542 affects Rostelecom CS-C2SHW 5.0.082.1. The camera reads configuration from a QR code (including network settings). The static IP config is written to /config/ip-static and, after reboot, its contents are inserted into a bash command without escaping, enabling a Bash command injecti...

6.8CVSS7.1AI score0.01169EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2020/03/26 12:0 a.m.103 views

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2019/07/03 4:28 p.m.19 views

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

9.1AI score0.02625EPSS
Exploits0References2
Saint
Saint
added 2016/03/24 12:0 a.m.55 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

10CVSS9.8AI score0.99621EPSS
Exploits31
ICS
ICS
added 2014/11/12 12:0 p.m.26 views

Bash Command Injection Vulnerability (Supplement)

OVERVIEW This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-269-01 Bash Command Injection Vulnerability and all following updates that were originally published September 26, 2014, on the ICS-CERT web site and posted to the US-CERT secure Portal library. Please...

7.4AI score
Exploits0References22
Packet Storm
Packet Storm
added 2014/09/29 12:0 a.m.105 views

GNU Bash 4.3 Command Injection

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment. Any Bash 4.43 and prior Modified by JSacco - [email protected] Exploit Pack 2014 How to run:...

10CVSS10AI score0.99999EPSS
Exploits130
0day.today
0day.today
added 2014/09/25 12:0 a.m.73 views

GNU bash Environment Variable Command Injection Exploit (MSF)

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH...

10CVSS1.1AI score0.99999EPSS
Exploits130
Exploit DB
Exploit DB
added 2013/11/20 12:0 a.m.29 views

PineApp MailSecure - Remote Command Execution

----------------------------------------------------------------- It is possible execute any command bash as qmailq unprivilege user, sending only the following https request, without authentication...

7.4AI score
Exploits0
Rows per page
Query Builder